demonstrate IO calls to underlying storage using fuse overlay

[jnoller]

using a fuse -based overlay on top of the OS or docker data disk will show the number / type of syscalls, ebpf exposes this as well in raw numbers and top-callers, however the specific write patterns (eg open after close, etc) to disk through the FS layer matter in high perf environments.

goal: demonstrate the auditing filesystem calls using fuse

[alexeldeib]

we should write a custom bpf program for this, ideally bpftrace since it will be easier. the data is there, just not prepackaged for us (yet). we can plausibly export to prom with ebpf_exporter

[jnoller]

@alexeldeib Agreed - but playing with FuSE is fun... :)